Hi,
i have a problem with ACLs. I will to grant access to IP. my ACL:
olcAccess: to dn.subtree="ou=people,dc=example,dc=de"
by group.exact="cn=lda,ou=Endsysteme,dc=example,dc=de" write
by group.exact="cn=kon,ou=Endsysteme,dc=example,dc=de" read
by peername.ip=127.0.0.1 read
by * none
But i become error:
ldap_modify: Other (e.g., implementation specific) error (80)
additional info: <olcAccess> handler exited with 1
in logs:
conn=1034 op=4 MOD attr=olcAccess olcAccess
Feb 11 13:33:07 ldap slapd2.4[21279]: slapd: line 0: expecting <access> got
"writeby".
Feb 11 13:33:07 ldap slapd2.4[21279]: <access clause> ::= access to <what> [
by <who> [ <access> ] [ <control> ] ]+ <what> ::= * | dn[.<dnstyle>=<DN>]
[filter=<filter>] [attrs=<attrspec>] <attrspec> ::= <attrname>
[val[/<matchingRule>][.<attrstyle>]=<value>] | <attrlist> <attrlist> ::=
<attr> [ , <attrlist> ] <attr> ::= <attrname> | @<objectClass> |
!<objectClass> | entry | children <who> ::= [ * | anonymous | users | self |
dn[.<dnstyle>]=<DN> ] [ realanonymous | realusers | realself |
realdn[.<dnstyle>]=<DN> ] [dnattr=<attrname>]
[realdnattr=<attrname>]
[group[/<objectclass>[/<attrname>]][.<style>]=<group>]
[peername[.<peernamestyle>]=<peer>] [sockname[.<style>]=<name>]
[domain[.<domainstyle>]=<domain>] [sockurl[.<style>]=<url>]
[dynacl/<name>[/<options>][.<dynstyle>][=<pattern>]] [ssf=<n>]
[transport_ssf=<n>] [tls_ssf=<n>] [sasl_ssf=<n>] <style> ::= exact | regex |
base(Object) <dnstyle> ::= base(Object) | one(level) | sub(tree) | children
| exact | regex <attrstyle> ::= exact | regex | base(Obj
Feb 11 13:33:07 ldap slapd2.4[21279]: conn=1034 op=4 RESULT tag=103 err=80
text=<olcAccess> handler exited with 1
I have OpenLDAP 2.4.22. If i remove "by peername.ip=127.0.0.1 read" it
works.
Thanks for help!
Kind regards
Natalia